This page will generate a fairly sensible input access list to be deployed on the WAN interface of a cisco router facing the Internet. Please note that this is no substitute for a properly-configured firewall ! There is a limit to what can be achieved with static packet filters on a router at the best of times and the filters generated by this program are only intented to filter out the most obvious of attacks while allowing anything which looks even remotely legitimate pass in. If in doubt, please seek expert advice.
This tool is very much in "beta". Comments/observations/suggestions welcome to eamonn@bogpeople.com